Apple plugs critical holes in Darwin Streaming Server

Apple has released a new version of the open-source Darwin Streaming Server to plug a pair of security flaws that could be exploited in code execution attacks.

The more serious of the two bugs -- a stack buffer overflow in the Darwin Streaming Proxy -- could allow a remote attacker to execute arbitrary code by sending maliciously crafted RTSP requests.

The second issue was also identified in the Darwin Streaming Proxy. It is described as a heap buffer overflow that could allow a remote attacker to cause an unexpected application crash or the execution of harmful code.

iDefense's VCP, which buys the rights to vulnerability information, is credited with reporting both flaws to Apple.

The Darwin Streaming Server is the open-source version of Apple's QuickTime Streaming Server technology. It is used to send streaming media to clients across the Internet using the RTP and RTSP protocols.

Topics: Open Source, Servers

Talkback

73 comments
  • Flaws? Possible exploits?

    In an Apple operating system? Say it ain't so!
    M.R. Kennedy
    • Hackers hijack Windows Update's downloader

      Say this isn't so, how can this be possible. I thought Microsoft's servers were the best in the world.

      Hackers hijack Windows Update's downloader
      Stealing Windows' BITS gets bad code past any firewall

      http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019118&intsrc=hm_list
      I'm Ye, the MS SHILL .
      • You've left something out...

        the system has to be owned first. To quote the article, "Florio outlined why some Trojan makers have started to call on BITS to download add-on code to an already compromised computer." Obviously if they own your computer they can use anything they want.
        RocketEater
        • Which is why the web is plagued with so many problems.

          Windows machines comprise the majority of the world's machines. With that said, one has to think how many people actually patch their machines? How many use anti-virus, firewalls, etc.? I'm pretty sure there are plenty of Windows machines that are owned worldwide. Ever hear about a BOTNET? You sure are thick headed my fellow human.
          I'm Ye, the MS SHILL .
          • Oh brother!

            Yes I too am aware that there are many, many Windows computers that have been hacked and made part of botnets. But what does that have to do with your original post? Your original post made it sound like the Windows Update service was being exploited. This is utterly false.
            RocketEater
          • If so then go sue ComputerWorld.com for posting a false story.

            <NT>
            I'm Ye, the MS SHILL .
          • ObeyMeIAmRoot i think you are misreading the ComputerWorld article

            they did not say Microsoft's server is compromised and considering this is coming from Symantec's security response group they are going to hype this way out of proportions from what was said

            they seen one attack using this method ok i have not heard about it I've not seen any articles about this type of attack

            and you can bet your bottom dollar if there was a Trojan sent in this manner every tech news site on the new would have had it on the front page why because it's Microsoft.

            i think it's just more hype from an anti-virus vendor

            for one thing if they had figured out how to send Trojans and malware this was using BITS they would be attacking every windows box in the world there would be no stopping them.

            so like i said that story was just hype :)
            SO.CAL Guy
  • Open Source and Apple

    This is obviously wrong as everyone knows open source and Apple are totally secure.
    TonyMcS
    • Don't complain

      I wouldn't bother with these sarcastic remarks, if I wasn't bombarded with lies from Apple ads on television every week. So don't bother to complain about my remarks - get Apple to stop those stupid ads. You can't claim a totally secure OS and bug-free apps just by rebadging the hardware and using warmed-over BSD.
      TonyMcS
      • Ads will be ads

        I don't use Geico, and I don't drink either Bud Light or Miller Lite (in fact, you'll probably never see an ad for the beer I drink). However, like Geico ads, they are amusing. If you don't hate Geico or claim that they don't insure as well as they say they do, or are extremely biased towards your own insurance company. Fact is, they'll still put out ads saying they can save you hundreds of dollars on car insurance, even if they don't save everyone that much. Stretching the truth or stating the average as, well, the norm is what ads do.
        Voodoo187
        • Interesting

          And yet Apple is the [b]only[/b] one that feels the need to negatively mention the competition by name, just like negative sleazy political attack ads. Oh, and when I use the word "competition", I in no way mean to suggest that Windows isn't a monopoly. Phew, close call!! Anyway, I see lots of MS ads that don't mention Apple or Oracle by name because Microsoft focuses on the positive within their products rather than trying to stretch the truth (as you put it) until they are telling baldfaced lies about other companies... by name. Disgusting, as are the people who support Apple.
          NonZealot
          • I wonder who on Apple's board gave them the idea

            to run ads [i]like negative sleazy political attack ads[/i]

            ;)
            John Zern
          • John Zern the name Steve Jobs comes to mind for some reason lol (NT)

            (NT)
            SO.CAL Guy
          • Competition by name?

            That's funny.. All I've ever seen was "Apple vs PC" not "Apple vs Microsoft"
            ju1ce
          • I guess you did not see all the ones directly targeting Vista? Nt.

            .
            bka1959
          • ju1ce if you can't tell who mac is talking about in them commercials

            if you can't tell who mac is talking about in them commercials

            something is really wrong with you dude i mean lets face it a guy that looks like who

            and what OS do they talk about

            although I find the commercials funner than hell to say they are not Apple vs Microsoft is just burying your head in the sand and lying to yourself lol
            SO.CAL Guy
          • The Bloatware was the funniest one and the only one that was Dead on! NT.

            ,
            bka1959
          • By Name???

            All the ads I've seen from Apple do not say any more than 'PC'. That doesn't sound like any company name I know. Back in the day, you might have been able to make a case for it referring to an IBM - but even that was short-lived, replaced by the XT, AT etc., leaving PC to be a generic reference to a 'personal computer'.

            That you think this is an attack by name only reinforces the contention that MS is in a monopoly position. That wasn't your intent was it??
            Freebird54
          • Then you need to watch more ads!

            [i]All the ads I've seen from Apple do not say any more than 'PC'.[/i]

            Many of the ads state Vista by name, "Choose a Vista" and "Party is Over" for example.
            http://www.apple.com/getamac/

            [i]That you think this is an attack by name only reinforces the contention that MS is in a monopoly position. That wasn't your intent was it??[/i]

            No, because the ads actually [b]do[/b] attack MS by name, unless you know of another company that has just released an OS called Vista?

            Sorry for making you look like a fool. :(
            NonZealot
      • Out of interest

        Why did you respond to yourself? Well, it certainly appears that way.
        zkiwi